Command Injection Vulnerability in TP-LINK Routers
CVE-2023-31188
8 HIGH
Key Information:
- Vendor: TP-LINK
- CVE Published: 6 September 2023
Summary
A vulnerability exists in multiple TP-LINK Archer routers that allows a network-adjacent authenticated attacker to execute arbitrary OS commands. The issue arises from improper validation of input, which lets crafted requests trigger command execution. Users of the Archer C50, C55, and C20 routers must promptly update their firmware to protect against potential exploitation. The firmware versions that require updating are listed under Affected Version(s).
Affected Version(s)
Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505'
Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506'
CVSS V3.1
- Score: 8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved